LIST OF CHANGES Version 1.341 (9 Jan 2013) Fixed: a crash in Monitor. To avoid having to do a complete build, the Monitor program was released separately as Monitor1.341.exe Version 1.34 (7 Jan 2013) Added exceptq support. Fixed: slow semaphore leak. Version 1.3394 (9 Jun 2012) Fixed: the server was not responding correctly to the event semaphore \SEM32\FTPSERVER\SHUTDOWN. Released only to mailing list. Version 1.3393 (30 May 2012) Changed the implementation of the SITE MNGR EXEC command to use DosExecProg rather than DosStartSession. This should permit the command to work even if the server is detached. Dropped support for the 'G' and 'Q' keyboard commands for shutting down. Now you need to type Ctrl/C once for gradual shutdown, twice for rapid shutdown. Miscellaneous code changes forced by a change in the interface to INI/TNI handling. Minor fix: log was sometimes indicating that a session had timed out when it had exited normally. Released only to mailing list. Version 1.3392 (10 Jul 2011) Fixed: a bugfix in version 1.338 had the side-effect of stopping the "clone" operation from working. Build process changed so that the "bldlevel" command now gives the version number of ftpd.exe and setup.exe. As a side-effect, there is an extra period in the zip file name. Released only to mailing list. Version 1.3391 (27 Jun 2011) Fixed: Setup was corrupting the upload size limit. Upload size limit is now expressed in units of MiB in Setup. Upload size limit not yet documented. A faulty user name (nonexistent, or existing but inactive) is now logged. In this case a password is required but not logged. Released only to mailing list. Version 1.339 (25 Jun 2011) Fixed: Setup was forgetting the login limit. New feature: you can specify a maximum file size for uploads. At present this limit is in bytes, and it's a 32-bit number when it should be a 64-bit number, so this is just a simple prototype. Released only to mailing list. Version 1.338 (19 Jun 2011) Fixed: you can no longer create a username with leading space characters. Fixed: cloning a user without changing the username was not being caught as an error. Fixed: using the Esc key when a listbox was highlighted in Setup program was causing undesirable effects. "Limit logins" dialogue items in Setup changed to more conventional layout. Released only to mailing list. Version 1.337 (7 Jun 2011) Fixed: "Inactive user" status was being ignored. For a limited-use account, you have the option of whether an expired account is deleted or simply made inactive. Minor cosmetic change: after a user is deleted in Setup, the Delete button loses the focus. Minor cosmetic change: after the last non-default entry is deleted from an IP address list in Setup, the Delete button loses the focus. Fixed: loss of focus when opening the Setup subdialogue to modify a user's IP address controls. Reversed the change in v1.336 to show passwords in log if "hide passwords" is not specified. Bad passwords are now unconditionally shown in the transaction log. Released only to mailing list. Version 1.336 (29 May 2011) Changed Monitor program to handle file size > 4 GB. Fixed: error in implementation of 64-bit multiplication that was causing Monitor to misreport large file size. In the transaction log, the password is now obscured only if the "hide passwords" option is active. Released only to mailing list. Version 1.335 (21 Apr 2011) Cosmetic change to editing IP address lists: cleaned up distinction between "allow all" and "allow all others" Released only to mailing list. Version 1.334 (21 Apr 2011) Fixed: new users were getting spurious IP address controls. Fixed: version 1.333 (only) was incorrectly setting the 'single use' condition for some accounts. Released only to mailing list. Version 1.333 (17 Apr 2011) Minor changes to reflect a library change when opening files. Fixed: the transaction log was not being cleanly closed on exit. Policy change: transaction log now updated every minute instead of once every 15 minutes. Setup notebook now opens to the page that was last used. Extended the 'single-use account' feature to allow several uses before account is deleted. Released only to mailing list. Version 1.332 (21 Nov 2009) Added check that INI or TNI file exists. Removed obsolete LoadINI and DumpINI from distribution; GenINI now has to be downloaded separately. Released only to mailing list. Version 1.331 (20 Nov 2009) Added support for TNI files. Policy announcement: most of the command-line parameters (those that duplicate Setup functions) are now considered obsolete, and support for them will probably be dropped soon. Released only to mailing list. Version 1.33 (13 Nov 2009) Fixed: Setup was refusing to add new users. New Setup command-line options L (for local) and R (for remote). Version 1.327 (13 Jul 2009) Fixed: error in working out whether an IP address was local to the LAN. Version 1.326 (10 Jul 2009) Added a colon in lines logged to syslog. New option to specify syslog logging host. Version 1.325 (16 Apr 2009) ResetPos.cmd modified so that it also resets the position of the MONITOR.EXE windows. Version 1.324 (12 Mar 2009) Local LAN addresses are now exempted from the blacklisting of "hammerer" IP addresses. This version released to FtpServer mailing list. Version 1.323 (19 Nov 2008) Now working on approach towards permitting INI data to be taken from TNI file. VIOSetup updated to fix obsolete handling of logging options. Fixed: VIOSetup was corrupting some INI data. Fixed: Alt/F7 was disabled on some Setup windows. First version of Generic LoadINI & DumpINI added to the distribution (not yet documented). Version 1.322 (9 Oct 2008) Fixed: bug in the "Exceptions" list. This version released only privately. Version 1.321 (8 Oct 2008) Fixed: Setup bug that prevented you from changing the "logging to screen" option. Version 1.32 (29 Sep 2008) User names may now be up to 255 characters long. Option to disable logging of SITE MNGR commands. More choices in how to restrict IP addresses. Can now restrict IP addresses on a per-username basis as well as globally. Version 1.31 (31 Jul 2008) Improvements to SITE MNGR command. Provision for "Inactive account" in Setup. Fixed: crash when a "command" alpabetically greater than XRMD is received. Version 1.30 (9 Sep 2007) FEAT and OPTS commands implemented (RFC2389). INI file now taken from working directory, not program directory. Added check for repeated probes that look like a dictionary attack. This version does not update the filter in the INI file. Cleaned up transaction logging, fixed errors in logging to a pipe. Fixed a bug in calculating the end position of a file whose size is between 2 GiB and 4 GiB. Added check to block usernames starting with '$'. Internal changes to INI file handling. Fixed an error in the REST command that could arise when file size was between 2 GiB and 4 GiB. Added option to disable Telnet compatibility, so that the Russian character 'ya' can be used in a file name. Policy change, for better NetDrive compatibility: if a restart point has been explicitly set for an upload, we overwrite rather than delete an existing file. Fixed bug: crash if port > 32767 in remote Setup. Fixed a bug in syslog priority code. Transaction log may now be sent to syslog and/or to a pipe, as well as the existing screen/disk options. New command SITE UTIME, which some ftp clients can use to set the timestamps on an uploaded file. VIOSetup now supports the "suppress logging" option. Policy change: if logging is suppressed for a user, we suppress all logging for that user, not only the transaction logging. Workaround for thunking bug when calling VIO functions. New error code (452) for not enough space on an upload. Better implementation of the Setup option to switch to and from multiple INI files. Fixed bug: Setup was crashing when editing directories for a new user. The transaction log now includes replies as well as commands. Check for non-numeric REST argument. Ability to omit a user from the transaction log. Files to be downloaded are now opened in shared-access mode. New option to split the FTPD.INI into many different files, for the case where there are many user accounts. The main Setup notebook now remembers the font dropped on it from the font palette, and the font dropped on the page tabs. Version 1.20 (04 Oct 2003) Implemented the STAT command, which was the only command from the FTP standard that was missing. (Nobody seems to use it, but it should be there for completeness.) Made the option of restricting port numbers independent of the 'behind firewall' option. Reject PORT command with port<1024, or PORT commands from any guest user who specifies an IP address different from the IP address for the command channel. Two-second delay after an incorrect password, and client is disconnected after three password errors. Added a 30-second delay before sending the error message to a banned host. More careful timeout check for an upload. Corrected an error in time zone calculation. Allow P@SW as a synonym of PASV. Version 1.16 Added ability to specify the log file names/locations. Improved version of MOVELOG.CMD (in the tools directory). Version 1.15 Added separate speed limit for uploads. Fixed bug: IP filter incorrect in Setup.exe (mask problem) Fixed minor bug in LogAnalysis: failure to recognise that '/' and '\' are equivalent in file names. Added a NIL check to TaskControl.SuspendMe. Extended anti-tagger criteria. Added Migrate.cmd to the tools directory. Extended watchdog task to handle sockets that refuse to be killed. Version 1.10 Tidied up the 'tools' subdirectory. Added a check for blank username. Disabled error popup when Setup refers to a drive that is not present. More sensible default for minimum data port behind firewall if no minimum has been specified. Added options to hide and/or encrypt passwords. Version 1.05 Fixed a crash on hacker attempt to create impossible directory. Fixed a socket leak in passive mode. Change to way nameserver lookup is done, for better performance in the case of a denial-of-service attack. Added logging of soclose() failures. Version 1.00 Allow shutdown from external event semaphore. Version 0.96 Guard against empty name in the antitagger checks. Expansion of the criteria for detecting a tagger. Version 0.95 Allow rename of directory, if user has rename permission. Allow more than 100 entries in the allow/deny list. Slight strengthening of tagger detection. Version 0.94 Fixed bug: Setup was getting the user count wrong if you cancelled an 'add user' operation. Added the anti-tagger option. Add the 'X' command-line parameter. Most changes made by the Setup program are now seen immediately, without having to shut down and restart the server daemon. Added the concept of a "user template" which allows groups of users to share the same access permissions. Added command line option to specify a different INI file. Fixed crash that occurs when welcome0.msg contains an %a or %A. Refinement of the "behind firewall" rules. You can now specify a range of local addresses that are exempt from the "behind firewall" rules. Added single-use user accounts. Version 0.93 Minor change to reply to STOU command, to comply with RFC 1123. Fixed error: if an uploaded file was smaller than an existing file of the same name, the file kept its old size. Added a user count to the Setup 'Users' page. Fresh build of Monitor.exe, to compensate for an accidental back-levelling in version 0.92. Version 0.92 Added Setup options for working from behind a firewall. Fixed a bug related to restarting an upload operation. Added support for files bigger than 2GB (but only for Warp 4.51 or better). Fixed minor bug: program was turning off the Caps Lock, Num Lock, and Scroll Lock at startup. Made the big GO button on Setup the default, so that you can select it with the key. Added some log messages for watchdog timer. Fixed monitor bug: monitor was crashing if port > 32767. Version 0.91 Changed the response to the MDTM command to give GMT rather than local time. Speed estimate added to Monitor program. Monitor now remembers its size. Added the %a and %A (client IP address & hostname) and %v (version) macros. Version 0.90 Fixed a serious bug: we were allowing only one person at a time to download a given file. Version 0.89 Fixed an error in LIST -d (used in "get recursive") Version 0.88 Added remove.cmd to the distribution. Fixed some filename-parsing problems in LoadPRM. Removed dependency on RndFile library module. Fixed: crash when welcome0.msg does not end with CRLF. Fixed: file deleted if it was renamed to the same name. Fixed: duplicate entries in directory listing when the directory contained more than 50 subdirectories. Version 0.87 Fixed: crash when someone tries to log in with blank username. Fixed: crash when trying to send welcome0.msg. For better compatibility with clients, directory and welcome messages are line-wrapped after 79 characters. Fixed: premature termination when ftpd called from inetd. Allowed for larger numbers in the Monitor "byte count" field. Source code removed from distribution. Version 0.86 PMSetup.exe renamed to Setup.exe. Allow a change to security parameters to take effect immediately, without having to shut down the server. Correction to the check that renamed file is on same drive. Fixed problem where Monitor was crashing on a long command. More careful error checking in Monitor. Changed the permission rules so that an "append" does not require delete permission, only write permission. Changes to prevent a session staying alive forever when a client disconnects during a data transfer. Limit on recursion using %i macro. Version 0.85 Client must now have read permission for any file in a %i macro in dir.msg. This plugs a potential security hole. Version 0.84 Deny client access to device names (CLOCK$, COM1, etc.). Renamed Setup to VIOSetup. Version 0.83 (not publicly released) Fixed a bug in new Monitor (it was forgetting the host name). Added optional command-line parameter to Monitor to specify the name of the INI file. Added an "About" box to Monitor. Version 0.82 Updated LoadPRM and StorePRM to include real name, notes, and speed limit in the PRM files. Added last command to the information returned by the SITE MNGR LIST command. Monitor utility completely rewritten. Real name field added to text-mode Setup. Version 0.81 Fixed a bug in interpretation of "CWD \". Made the 150 response to a RETR command more informative. Added "real name" and "notes" to user details (PMSetup). Version 0.80 Added a new category of file permission: rename. PMSetup now documented. Version 0.79 Stopped PMSetup from looking at local drives when it should be looking at remote drives. The fix requires an upgrade to version 0.6 (or higher) of INIServe. Fixed a password problem - passwords were being mishandled as a side-effect of using PMSetup. Version 0.78 PMSetup added to distribution. Now using version 2.32 of compiler. "Space available" check now done during an upload instead of only at start of upload. Fixed Setup bug (was mishandling transaction log option). Small changes to common log format. Minor change to handling of nameserver failure. Version 0.77 Rewrote LogAnalysis to use less memory. Complete outstanding logging on a 'Q' keyboard command. Fixed listing problem for very long file names. Added COMMON.LOG, and changed the Setup utility slightly to add the option to use the common log format. Fixed minor bug in Setup. (Space key causing looping.) Corrected an error in LogAnalysis. (Failing to read all records.) Version 0.76 Fixed a problem for the case where "rename" uses a path name. LogAnalysis utility added to the distribution. WELCOME2.MSG is no longer used (it has been superseded by WELCOME.MSG). New command SITE MNGR EXEC. Version 0.75 Fixed a memory leak (in MDTM) that was causing problems after many files had been transferred. Minor change to screen output. Fixed an incompatibility with NetCache proxy. Fix for file names starting with '-'. Earlier killing of timeout checker where no longer needed. Slight change in response to PWD command. Version 0.74 Added option to bind to a specific IP address. Can now set a transfer speed restriction for each user. New setup option to clone an existing user. Version 0.73 More flexible way of controlling which clients may connect. Fixed an error in "cd .." from a directory defined by a link. Now restores original ANSI state on exit. The output of StorePRM is now more human-readable. User limit field added to PRM file format. The "welcome message" arrangement is now: Welcome0.MSG is sent on the initial connection, and Welcome.MSG and Welcome2.MSG are sent after login. (All three files are optional, and it is recommended that only one of them be used.) This is a transition arrangement; in a later version support for Welcome2.MSG will be dropped. Version 0.72 New "include file" macro in welcome messages or directory messages. Welcome.MSG renamed to Welcome0.MSG. (This is a transition arrangement. In a later version Welcome2.MSG will be replaced by Welcome.MSG.) Repaired a security leak: in one special case users could see a directory that they weren't supposed to see. Removed some redundant spaces, and repaired an overflow error, in the response to the SIZE command. (This might fix a problem some people have been having with the "reget" option in NcFtp.) "Linger on close" disabled, because it turns out to be incompatible with some versions of the TCP/IP stack. Fixed two bugs in Setup (tree threading corrupted when a node's rightmost child was deleted; root directory of a FAT partition being misclassified as a file). Suppressed initial "drive not ready" popup for a floppy disk. Version 0.71 Symbolic links implemented. Fixed logging error: miscalculation of transfer time when time wraps past midnight. Changed the response to the HELP command, for Windows clients that weren't happy with the original 'RTFM'. Activated the "linger on close" option for file transfers, to make user logging more accurate. Listing format changed slightly so as to report the same permissions for owner, group, and world. (An ftp client should only ever use the "world" permissions, but it seems that some clients aren't smart enough to realise that.) Added support for NLST -a. Added a check for restart point beyond end of file. Version 0.70 Added a check for transfer so fast that system reports a negative transfer time. Changed the rules for permission to delete a directory. To delete a directory, the user must now have delete permission in the parent of the directory to be deleted. (This is more consistent with the existing rules about read and write permissions. For example, it's the parent directory's permissions that are relevant when deciding whether it's legal to create a subdirectory.) Version 0.67 Fixed an arithmetic overflow that could occur when logging transfers that took a long time. Fixed a problem that would sometimes cause NcFtp to think that a non-directory file was a directory. Version 0.66 Suppressed the "drive not ready" popup for removable drives. (This is about the third time I've fixed this. I don't know why it keeps coming unfixed.) Modified the interpretation of the Unix-style listing flags, to get a better compromise between OS/2 conventions and Unix conventions. Changed the layout of a directory listing - the old layout was preventing "get recursive" from working. (The RASH flags were confusing NcFtp.) Added ".." to the listing of the root directory of a FAT partition, for users with multiple home directories. Version 0.65 Fixed a crash that happens when logging the transfer rate of a very large file. Version 0.64 User editor in Setup now sorts the user names. Added an option for registration via BMT Micro (see FtpServer.INF for details) Version 0.63 Added NIL checks for unusual conditions, e.g. session aborted before a session record has been established. Fixed an error that would sometimes make the size of an uploaded file too big. Fixed a storage deallocation error in nameserver lookup. Fixed an error in the calculation of free space (an error that was sometimes causing a crash on an attempted upload) Minor modification to file transfer operations to work around a bug in some versions of TCP/IP. Improved handling of "abort": NcFtp should no longer hang. Version 0.62 Fixed a bug in the implementation of "CWD .." - in some cases, it was allowing users to get to a directory they shouldn't see. Fixed a minor memory leak. Changed the method of calculating disk free space, to avoid overflow when the disk is large. Version 0.61 Fixed a problem related to out-of-band data while processing an "abort" operation. Changed the "transfer failed" error code to fix an incompatibility with NcFtp's "abort" operation. NLST no longer includes directories in its listing. Major internal restructuring to avoid redundant directory lookups. Modified the interpretation of the Unix-like listing flags to be more compatible with NcFtp's "get recursive". Minor change to the definition of user logging level. Transfer times in user log now reported to two decimal places. In Monitor utility, the host can be specified as either a numeric IP address or a textual hostname. Version 0.60 No change. This is a simple renumbering so that I can upload a new version to Hobbes. Version 0.58 Fixed a bug that crashed session when LogLevel > 1. Better handling of machines with multiple IP addresses. Setup allows longer path names for home directories. Version 0.57 Added user limit for each username. A couple of extra macros for welcome and directory messages. Can now shut down server from Monitor utility. More firewall-friendly? - still need to verify this. User log now shows full pathnames for files. (This means that it's no longer necessary to log "change directory" commands, so I'll remove that option after one or two versions.) Fixed an incompatibility with DBCS. Fixed an incompatibility with TVFS. Version 0.56 (Never released) Version 0.55 Added SITE MNGR EXIT and SITE MNGR GXIT commands, to allow the server to be shut down remotely. Usernames are no longer case-sensitive. Option to have a welcome message after login - you do this by creating a file WELCOME2.MSG. Client can suppress Welcome2 and directory messages by putting a '-' in front of the password. Host name lookup moved to a separate thread, so that sessions are not delayed by a slow or non-working nameserver. Minor change to format of StorePRM output, to make it more readable. Fixed inappropriate error message when trying to fetch a directory. Added an optional transaction log. Version 0.54 Fixed problem where server would crash if a user never logged in. Fixed minor bugs in LoadPRM and StorePRM. Setup and ftpd no longer look for user data in PRM files. If you want to continue using PRM files, you must explicitly load them with LoadPRM. The X command-line parameter (which has been obsolete for several versions now) is no longer supported. Reduced the thread stack size (Setup doesn't like large stacks). The "FtpServer ready" message now identifies the version. Minor cosmetic changes to Setup. Version 0.53 Manager can now fetch system and hidden files. Complete re-work of the underlying support for threads. This fixes a bug that has been in FtpServer since the very first version; and it should eliminate the random crashes that some people have been experiencing. Server now looks for user permissions in its INI file. If it can't find them there, it looks for a PRM file. Similarly, the Setup program picks up users from both the INI file and the *.PRM files. When it saves modified data, however, it saves it only in the INI file. Utilities LoadPRM and StorePRM added to the distribution, to transfer data between PRM files and the server's INI file. These are of interest only to people who want to continue with manual editing of PRM files. Version 0.52 Removed spurious characters in "Connection refused" message. Monitor and Setup programs no longer insist on a 25-line screen. Stricter test for permission to rename a file. Server no longer objects to being shut down with Ctrl/C. "Drive not ready" popups disabled. Server can now lock out clients with specified IP addresses. Client host name now appears in log file, if available from nameserver. Date/time added to screen messages. Password no longer displayed in screen messages. Version 0.51 Added SITE MNGR KILL command, and an option in MONITOR.EXE to kill a session. DETFTPD.EXE dropped from distribution; instead, FTPD.EXE now determines for itself whether it is running detached. ADMIN and USEREDIT programs scrapped; replaced by SETUP.EXE and MONITOR.EXE. Fixed an error that stopped the utility programs from exiting properly when run in a full-screen session or via Telnet. Documentation converted to INF format. We no longer log "change directory" commands that fail. [Untested] Version 0.50 Fix for unreleased socket if session aborts in passive mode. Program now sets its working directory correctly even if started from another directory or drive. New program USEREDIT.EXE to edit permission files. Minor change (optional semicolon) in syntax of permission files. Extra option X to suppress screen I/O. DETFTPD.EXE (for detached operation) included in the distribution. Version 0.46 Workaround for the bug in recent TCP/IP versions (e.g. 4.02o) that stopped the program from shutting down properly. Version 0.45 Added FTPD.INI to hold default parameters. The ADMIN program can now create and edit this INI file. Fixed the ALLO command. Added checks for dangling unclosed sockets. Limit on number of guest users. Tidied up some internal data structures, and removed a memory leak. Version 0.44 Suppressed the "drive not ready" popup for removable drives. Fixed (I hope) a bug that was causing the server to crash if a session terminated at just the wrong time. Added the SITE MNGR LIST command. (Not yet documented) Included a first crude version of the ADMIN program. Version 0.43 Fixed an error where a session would crash if a file date was in the future. Fixed an error in user logging: uploads were being reported as downloads. Added a new user class "Manager". Non-managers no longer see system and hidden files in the directory listings. Added transfer times to the user log. Version 0.42 Fixed a bug related to path names starting with '/'. Added support for Unix dir flags 'A', 'a', 'F', 'l'. This means that we now support NcFTP's "get recursive" operation. It probably also means compatibility with a greater range of clients, but I haven't yet tested that. Modified the permission file syntax rules so that the quotation marks are optional (though they're still needed for things like file names that contain space characters). Also fixed a problem that caused an infinite loop for certain syntax errors in the permission file. New permission 'V'. Added the "CheckPRM" program to the distribution. Virtual drives now supported. Version 0.41 First version for which this change list was kept. Finally solved the Netscape "transfer never completes" problem. Screen debug messages now have a session identifier.